DETAILED ACTION

Response to Arguments 

Applicant's arguments filed 26 August 2008 have been fully considered but they
are not persuasive. 

1. In light of applicant's amendments, the rejection under 35 U.S.C. 112, second
paragraph, of claims 1-9 and 12-18 is withdrawn.

2. Applicant argues that Ferchichi does not teach "the ICP also provides an 
administration/drive module monitoring access of the user-login-identification means to 
set up a connection and hang up the connection of the user-login-identification means in 
the login web page." 

3. The Examiner disagrees. Ferchichi teaches aside from the lines stated in the 
Office action dated 27 May 2008, the following: "The single sign-on module can be 
realized as a software module running on a microprocessor" (page 6, lines 6-7), "The 
user interface in order to prompt the user for his login name and secrets. This step may 
include displaying a dialog box on a graphical user interface on the display of the user 
equipment, voice prompt, etc" (page 6, lines 13-16). 

4. In response to applicant's argument that the disclosure of Ferchichi is different 
from the recitation "the user-login identification means is provided with an ID number," a 
recitation of the intended use of the claimed invention must result in a structural 
difference between the claimed invention and the prior art in order to patentably
distinguish the claimed invention from the prior art. If the prior art structure is capable of 
performing the intended use, then it meets the claim. 

5. Applicant argues the login name and secrets disclosed by Ferchichi is the user's 
identification information, which is completely different from ICP access authentication 
information of the instant invention (page 12-13 of REMARKS). 

6. Firstly, in response to applicant's argument, a recitation of the intended use of the 
claimed invention must result in a structural difference between the claimed invention 
and the prior art in order to patentably distinguish the claimed invention from the prior 
art. If the prior art structure is capable of performing the intended use, then it meets the 
claim. 

7. Secondly, one of ordinary skill in the art would easily recognize the "login name" 
and "secrets" of a "user's identification information" as "access authentication 
information." 

8. Applicant argues that Ferchichi is silent to "the ICP requests to access the user- 
login-identification means." 

9. The Examiner is unable to find this limitation in claim 1. Applicant is reminded
that the claims are interpreted in light of the specification, limitations from the
specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26
USPQ2d 1057 (Fed. Cir. 1993).



Application/Control Number: 10/523,652 
Art Unit: 2135 






10. The applicant reminds the applicant that while the user-login-identification means
can be interpreted as the smart card of Ferchichi, various interpretations of a "user- 
login-identification means" are possible. 

11. Applicant argues that "in Ferchichi, the ID and passwords is the ID and password
of the user, which is not the identification number of the user-login-identification means." 

12. The Examiner cannot find these limitations in claim 1. The applicant is reminded
the claims are interpreted in light of the specification, limitations from the specification
are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057
(Fed. Cir. 1993).

13. Applicant believes the Examiner has made a misinterpretation regarding the
one-way hash function. 

14. The Examiner will clarify the position originally stated and assures the applicant 
the Examiner has not incorrectly interpreted transformation for transmission. 

15. Re claim 10: Applicant claims the user-login-identification means performs the
information transmission by operating the computer. Ferchichi teaches, at least, the
following: "Another known example is the so-called SecureID authentication process. In
this case, the user 10 is provided with a token that display a new secret number each
minute. At each authentication the user enters the new displayed number" (page 8,
lines 8-12), "3.1.4 - Cryptographic authenticators" and "This category of cryptographic
authentication mechanism is illustrated in Figure 3. In this case, a one-way hash
function 51 is used to transform the secret 50, together with some other data such as a
replay attack protection, the user-ID, a sequence number or a random number, in an
encrypted authenticator 52." As such the

16. The Examiner upholds the Ferchichi reference. 

17. The fact that the Examiner may not have specifically responded to any particular
arguments made by Applicant and Applicant's Representative, should not be construed 
as indicating Examiner's agreement therewith. 

Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1 and 3-9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi, in view of
Gupta et al. (U.S. Pat Pub 2001/0037469 A1), hereinafter referred to as Gupta. 

Re claim 1: A method for centralizing administration of user registration
information across networks (Abstract: lines 1-3), characterized by: 




including at least an Internet Content Provider (ICP) [single sign-on module] and 
a user-login-identification means [Fig 13, elt 17: smart-card] which can access an online 
terminal [mobile phone/laptop] (Abstract: lines 1-3; page 6, lines 4-10); 

wherein the ICP adds an interface module in a login web page (page 6, lines 11- 
14; page 17, lines 5-7) and accesses the user-login-identification means [smart-card] 
via the interface module (page 6, lines 19-22), and the ICP also provides an 
administration/drive module monitoring access of the user-login-identification means to 
set up a connection and hang up the connection for the user-login-identification means 
in the login web page (page 6, lines 19-26); 

the user-login-identification means is provided with an ID number (page 8, lines 
8-11; page 22, lines 19-21), and user's login identification information is stored in the 
user-login-identification means (page 6, lines 24-26; page 12, lines 15-16); 

ICP access authentication information is stored in the user-login-identification 
means to verify whether the accessing ICP is authorized to access (page 6, lines 19- 
26); 

if the accessing ICP passed the verification, its access is permitted, otherwise the 
access is not permitted (page 12, lines 4-14); 

wherein the ICP is permitted to access the user-login-identification means only if 
the ICP is authenticated, when the user-login-identification means is activated (page
12, lines 15-27) (see also page 13, lines 3-12 and lines 16-26). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the Ferchichi reference to utilize a combination of 
authentication schemes (i.e. a combination of Auth1,...,Auth9), as shown in figure 13,
element 17, for the purpose of providing a more secure single-sign-on system while 
using a security token. 

Gupta teaches authenticating comprises, obtaining an authentication file [cookie] 
via the interface module, transmitting the authentication file to the administration/drive 
module 0135), decrypting the authentication file by the administration/drive module, and 
accessing the user-login-identification means (1174, H86). 

It would have been obvious to one of ordinary skill in the art at the time the
invention was made to have modified the teachings of Ferchichi with the teachings of
Gupta, to securely transmit an authentication file for the verifying authority for the
purposes of validating the client and verifying document parameters associated with the
client. One would also have been motivated to securely transmit the file for the
purposes of preventing man-in-the-middle attacks.

Re claim 3: The combination of Ferchichi and Gupta teaches the ICP accessing
the user-login-identification means includes checking the user ID identification
information stored in the user-login-identification means, or generating the user ID
identification information in the user-login-identification means (Ferchichi: page 6, lines
24-27 and page 11, lines 19-22).

Re claim 4: The combination of Ferchichi and Gupta teaches the ICP reads the
information stored in the user-login-identification means, and if login identification 
information is obtained, the interface module returns the login identification information 
to the ICP web page and determines whether a login-submit or an automatic submit & 
login should be performed according to user's setup; if the login identification
information is not obtained, the interface module informs the web page that the login 
identification information is not available and stores the generated login identification 
information in the user-login-identification means (Gupta: 1J73, 1R7). 

Re claim 5: The combination of Ferchichi and Gupta teaches an ICP web page is
provided with a registration information window (Gupta: 1J73); the ICP invokes 
parameters of the interface module and simultaneously saves several sets of 
registration information of a same web page or saves the last set of registration 
information in the user-login-identification means (Gupta: 1174, lines 16-28; 1178, lines 
14-21), and the registration information can also be displayed on the ICP web page 
(Gupta: 1J36, lines 14-16) 

Re claim 6: The combination of Ferchichi and Gupta teaches an ICP web page is
provided with a registration information window (Gupta: U73); the ICP accesses the 
user-login-identification means via the interface module (page 6, lines 19-22) and 
verifies the login identification information provided by the ICP web page (Ferchichi: Fig 
3, elts 302, 304 & 316; 1J79 and 1f81), and stores new login identification information in 
the user-login-identification means to overwrite original login identification information 
(Ferchichi: page 45, claim 39 teaches replacing a secret on the smart-card), and 
transfers relating information to the ICP web page (Gupta: 1T77); the information is 
displayed on the web page after being obtained (Gupta: 1J77). 

Re claim 7: The combination of Ferchichi and Gupta teaches the ICP web page
is provided with a plurality of window links of the registration information (Gupta: 1J73); 
the ICP reads the user-login-identification information stored in the user-login-
identification means and verifies the login identification information provided by the ICP 
web page; if positive, the login identification information is directly read out and the 
relating information is transferred to the ICP web page (Gupta: 1J73, 1R7); the 
information is displayed on the web page after being obtained (Gupta: 1177). if 
verification appears negative, the login identification information is stored in the user- 
login-identification means (Ferchichi and Gupta teach that if credentials provided by a 
combination of the user or the smart-card are invalid, access is denied; ergo, the user- 
login-identification means is unaltered.) 

Re claim 8: The combination of Ferchichi and Gupta further teaches a login
verification serving party for implementing prior authentication to the ICP and obtaining 
guide information of the user-login-identification means (Gupta: Fig 3, elt 304; prior to 
authorizing the client session, see steps 310 and 316 of Fig 3, elt 304, a prior 
authentication method, is performed).

Re claim 9: The combination of Ferchichi and Gupta further teaches the ICP is
connected with a login verification serving party [Gupta: Fig 2, elt 204] which transmits a 
code for accessing the user-login-identification means to the ICP, and the ICP adds the 
login identification information in the login web page according to the code, and the 
interface module transmits the ICP information to the login verification serving party for 
verification; if the ICP information passed the verification, the ICP is permitted to access 
the user-login-identification means, wherein the user activates the user-login- 
identification means by using a password, and then the ICP accesses the login
verification serving party for an authentication via the interface module; if the
authentication is valid, the ICP can operate the user-login-identification means via the 
interface module and the actuating password used by the user is provided by the login 
verification serving party or preset in the means (Ferchichi: page 6, lines 11-26 and
Gupta: 1173, 1R7); the encryption files of the ICPs transmitted by the login verification 
serving party are different from each other (Ferchichi: page 8, lines 20-24 and Gupta: 
HB6). 

3. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi and Gupta et al.
(U.S. Pat Pub 2001/0037469 A1), hereinafter referred to as Gupta, as applied to claim
1, in further view of Wu, Wei-Je (TW 480435), hereinafter referred to as Wu.

Re claim 2: The combination of Ferchichi and Gupta teaches all the limitations of
claim 1 as previously discussed and further teach the administration/drive module is 
used to automatically log in, in the case that the ICP accesses the user-login- 
identification means via the interface module and verifies the identification information. 

However, Wu teaches the administration/drive module is used to lead in and/or 
lead out data stored in the user-login-identification means so as to backup the data 
(Abstract). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the teachings of Ferchichi and Gupta with the 
teachings of Wu for the purpose of securing content stored on an original smart in the 
event that it is lost, damaged or becomes inaccessible to the user. 

4. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi, in view of Wu, 
Wei-Je (TW 480435), hereinafter referred to as Wu. 

Re claim 10: Ferchichi teaches a system for realizing the method for centralizing
administration of user registration information across networks (page 1, lines 1-5),
comprising a computer [Fig 1, elt 10: user; Fig 15, elts 207 & 209: mobile users],
Internet networks [page 6, lines 1-13; page 19, line 15], at least an ICP [Fig 1, elt 13:
single sign-on module] and a user-login-identification means [Fig 1, elt 17: smart-card],
wherein the computer is used for logging in the Internet networks to communicate with
different ICPs (Fig 13, elts 162-169: authentication servers; page 16, lines 15-24); the
user-login-identification means is for accessing the computer from outside (page 6, lines
19-22) and has at least an identification number (page 8, lines 8-11; page 22, lines 19-
21) the user-login-identification means performs the information transmission by
operating the computer (page 8, lines 20-24).

However, Wu teaches the user-login-identification means is capable of 
encryption storage space (Abstract). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the Ferchichi reference user-login-identification 
means to incorporate an encrypted storage space, as taught by Wu, for the purpose of 
securing secret data on the card without revealing the content to the holder of the user- 
login-identification means. 

5. Claims 11-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Ferchichi et al. (WO 01/60013 A1), hereinafter referred to as Ferchichi and Wu, Wei-Je
(TW 480435), hereinafter referred to as Wu, as applied to claim 10, in further view of
Gupta et al. (U.S. Pat Pub 2001/0037469 A1), hereinafter referred to as Gupta.

Re claim 11: Ferchichi in view of Wu teach all the limitations of claim 10 as
previously stated.

However, Gupta teaches the ICP is connected with a login verification serving 
party [Fig 2, elt 204] which transmits a code for accessing the user-login-identification 
means to the ICP, and the ICP adds the login identification information in a login web 
page according to the code, and an interface module transmits ICP information to the 
login verification serving party for verification fl[73, 1J77); if the verification is valid, the 
ICP is permitted to access the user-login-identification means, and the login verification 
serving party is a server (^73, 1f77; Fig 2, elt 204). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have modified the teachings of the Ferchichi and Wu references 
with the teachings of the Gupta reference for the purpose of providing a remote SSO
authentication means via a smart-card using a web-page applet. 

Re claim 12: The combination of Ferchichi, Wu and Gupta teaches information
transmission between the computer and the user-login-identification means is 
processed with encryption or decryption (Ferchichi: Table on pages 14-15); the 
encryption includes protecting an encryption area by using the user's PIN code or 
utilizing RSA 512PKI key management encryption method (Ferchichi: Table on pages
14-15). 

Re claim 13: The combination of Ferchichi, Wu and Gupta teaches the user-
login-identification means is also provided with a storage region for storing the 
information of the ICP itself (Ferchichi: page 3, lines 1-2). 

Re claim 14: The combination of Ferchichi, Wu and Gupta teaches the user-
login-identification means is an external and portable memory means with a standard
data interface, or a card-reader means or an ID identifying means thereof (Ferchichi:
page 8, lines 8-11; page 11, lines 23-26; page 22, lines 19-21).

Re claim 15: The combination of Ferchichi, Wu and Gupta teaches the user-
login-identification means is a USB storage device, a CF card, a MMC card, a SD card, 
a SMC card, an IBM Micro Drive card, a flash storage module or an IC card (Ferchichi: 
Abstract; page 1, lines 1-2). 

Re claim 16: The combination of Ferchichi, Wu and Gupta teaches the portable
memory card-reader means is a CF card processor, a MMC card processor, a SD card 
processor, a SMC card processor, an IBM Micro Drive card processor or an IC card 
processor (Ferchichi: page 19, lines 6-14; page 33, lines 9-12). 

Re claim 17: The combination of Ferchichi, Wu and Gupta teaches the user-
login-identification means is a computer peripheral (Ferchichi: Abstract: lines 1-3; page 
19, lines 6-14). 

Re claim 18: The combination of Ferchichi, Wu and Gupta teaches the user-
login-identification means is a portable PDA, a music player or an electrical dictionary 
(Ferchichi: Abstract: lines 1-3; page 19, lines 6-14). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DARREN SCHWARTZ whose telephone number is 
(571)270-3850. The examiner can normally be reached on 8am-4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571)272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


Examiner, Art Unit 2135 
/KimYen Vu/ 

Supervisory Patent Examiner, Art Unit 2435 



